proxy_ftp.c revision ec69fc6e323eb1f3112966e06e9e37be608d052c
f743002678eb67b99bbc29fee116b65d9530fec0wrowe/* ====================================================================
80833bb9a1bf25dcf19e814438a4b311d2e1f4cffuankg * The Apache Software License, Version 1.1
793214f67dede32edfd9ee96c664ead04d175cbbjfclere *
793214f67dede32edfd9ee96c664ead04d175cbbjfclere * Copyright (c) 2000-2002 The Apache Software Foundation. All rights
cc5a4a08dc9783fcbc52ce86f11e01c281a43810minfrin * reserved.
aba55cd5d565f6f00a3d0e17c5724fdd3a50827ftrawick *
aba55cd5d565f6f00a3d0e17c5724fdd3a50827ftrawick * Redistribution and use in source and binary forms, with or without
aba55cd5d565f6f00a3d0e17c5724fdd3a50827ftrawick * modification, are permitted provided that the following conditions
33124689065ade0dfc8c54d8ebb734f9439cb89btrawick * are met:
33124689065ade0dfc8c54d8ebb734f9439cb89btrawick *
33124689065ade0dfc8c54d8ebb734f9439cb89btrawick * 1. Redistributions of source code must retain the above copyright
3ccfc257819b3bad063cd3ac9dd1670d5d2ae4d2kbrand * notice, this list of conditions and the following disclaimer.
3ccfc257819b3bad063cd3ac9dd1670d5d2ae4d2kbrand *
3ccfc257819b3bad063cd3ac9dd1670d5d2ae4d2kbrand * 2. Redistributions in binary form must reproduce the above copyright
3ccfc257819b3bad063cd3ac9dd1670d5d2ae4d2kbrand * notice, this list of conditions and the following disclaimer in
85af5dafbbd8ae9f496e4349ec0d7b0411439a71trawick * the documentation and/or other materials provided with the
85af5dafbbd8ae9f496e4349ec0d7b0411439a71trawick * distribution.
85af5dafbbd8ae9f496e4349ec0d7b0411439a71trawick *
9b0076ddd1103e5fa9c1f9bafde4b06ce244fbaecovener * 3. The end-user documentation included with the redistribution,
9b0076ddd1103e5fa9c1f9bafde4b06ce244fbaecovener * if any, must include the following acknowledgment:
9b0076ddd1103e5fa9c1f9bafde4b06ce244fbaecovener * "This product includes software developed by the
249d09d51808cb7981af99762c3b3736ca126cd5jkaluza * Apache Software Foundation (http://www.apache.org/)."
249d09d51808cb7981af99762c3b3736ca126cd5jkaluza * Alternately, this acknowledgment may appear in the software itself,
249d09d51808cb7981af99762c3b3736ca126cd5jkaluza * if and wherever such third-party acknowledgments normally appear.
249d09d51808cb7981af99762c3b3736ca126cd5jkaluza *
56589be3d7a3e9343370df240010c6928cc78b39jkaluza * 4. The names "Apache" and "Apache Software Foundation" must
56589be3d7a3e9343370df240010c6928cc78b39jkaluza * not be used to endorse or promote products derived from this
56589be3d7a3e9343370df240010c6928cc78b39jkaluza * software without prior written permission. For written
8c4967445b49a1612b3f98c1dada65e597ecfe26trawick * permission, please contact apache@apache.org.
8c4967445b49a1612b3f98c1dada65e597ecfe26trawick *
8c4967445b49a1612b3f98c1dada65e597ecfe26trawick * 5. Products derived from this software may not be called "Apache",
61fefed8ce5211c31b44f3a38a6e76ca055e5780trawick * nor may "Apache" appear in their name, without prior written
61fefed8ce5211c31b44f3a38a6e76ca055e5780trawick * permission of the Apache Software Foundation.
61fefed8ce5211c31b44f3a38a6e76ca055e5780trawick *
61fefed8ce5211c31b44f3a38a6e76ca055e5780trawick * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
6001d914962deabb83a46251001612e969bdf67ajim * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
6001d914962deabb83a46251001612e969bdf67ajim * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
6001d914962deabb83a46251001612e969bdf67ajim * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
c4e8006db0cf457c68876d7d4c30dcc451d8cba7jkaluza * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
c4e8006db0cf457c68876d7d4c30dcc451d8cba7jkaluza * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
c4e8006db0cf457c68876d7d4c30dcc451d8cba7jkaluza * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
652bacc79dd7f980249784cc8c4838e8f1de7e8acovener * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
652bacc79dd7f980249784cc8c4838e8f1de7e8acovener * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
652bacc79dd7f980249784cc8c4838e8f1de7e8acovener * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
652bacc79dd7f980249784cc8c4838e8f1de7e8acovener * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
f4db898517ccc6ef1a403630de56918286d3a47eminfrin * SUCH DAMAGE.
f4db898517ccc6ef1a403630de56918286d3a47eminfrin * ====================================================================
f4db898517ccc6ef1a403630de56918286d3a47eminfrin *
28a723b775c7666281298eab813c63ac42270f95humbedooh * This software consists of voluntary contributions made by many
28a723b775c7666281298eab813c63ac42270f95humbedooh * individuals on behalf of the Apache Software Foundation. For more
28a723b775c7666281298eab813c63ac42270f95humbedooh * information on the Apache Software Foundation, please see
067698ad30941e38ef5d7f95f1c2736c2ebc5cb9humbedooh * <http://www.apache.org/>.
067698ad30941e38ef5d7f95f1c2736c2ebc5cb9humbedooh *
067698ad30941e38ef5d7f95f1c2736c2ebc5cb9humbedooh * Portions of this software are based upon public domain software
7a437ce535a5fac890296402ba483c2f41bb6500trawick * originally written at the National Center for Supercomputing Applications,
7a437ce535a5fac890296402ba483c2f41bb6500trawick * University of Illinois, Urbana-Champaign.
7a437ce535a5fac890296402ba483c2f41bb6500trawick */
d8a6de5eec06d4136839c8f7a56a6ab5acd2d3behumbedooh
6e1e45624d6f32110383bb0bd06c254c1dba8123humbedooh/* FTP routines for Apache proxy */
77ca16c5676da23155311e13cee61e7eaba9fa3ejailletc
77ca16c5676da23155311e13cee61e7eaba9fa3ejailletc#include "mod_proxy.h"
77ca16c5676da23155311e13cee61e7eaba9fa3ejailletc#if APR_HAVE_TIME_H
77ca16c5676da23155311e13cee61e7eaba9fa3ejailletc#include <time.h>
921d32d80d8271da08f12fc374a69cb36d1d63b3covener#endif
921d32d80d8271da08f12fc374a69cb36d1d63b3covener
921d32d80d8271da08f12fc374a69cb36d1d63b3covener#define AUTODETECT_PWD
3e097af23e40c45aa32602545155f0964ab5c69dcovener/* Automatic timestamping (Last-Modified header) based on MDTM is used if:
3e097af23e40c45aa32602545155f0964ab5c69dcovener * 1) the FTP server supports the MDTM command and
3e097af23e40c45aa32602545155f0964ab5c69dcovener * 2) HAVE_TIMEGM (preferred) or HAVE_GMTOFF is available at compile time
faea99bb676ec50ece38da6b1879aa37546483a2covener */
faea99bb676ec50ece38da6b1879aa37546483a2covener#define USE_MDTM
faea99bb676ec50ece38da6b1879aa37546483a2covener
86a5604df726638a2b8085e993b4b79c4b3a5262covener
faea99bb676ec50ece38da6b1879aa37546483a2covenermodule AP_MODULE_DECLARE_DATA proxy_ftp_module;
344f755169e100ea8ce51e847a0bf30a13b46917covener
344f755169e100ea8ce51e847a0bf30a13b46917covenerint ap_proxy_ftp_canon(request_rec *r, char *url);
344f755169e100ea8ce51e847a0bf30a13b46917covenerint ap_proxy_ftp_handler(request_rec *r, proxy_server_conf *conf,
fcd5c4e9e126e867eb270ed2d4138348cb1e46e5trawick char *url, const char *proxyhost,
fcd5c4e9e126e867eb270ed2d4138348cb1e46e5trawick apr_port_t proxyport);
fcd5c4e9e126e867eb270ed2d4138348cb1e46e5trawickapr_status_t ap_proxy_send_dir_filter(ap_filter_t * f,
50cfe8bbbaf4279375802531268e2bf0155215fetrawick apr_bucket_brigade *bb);
50cfe8bbbaf4279375802531268e2bf0155215fetrawick
50cfe8bbbaf4279375802531268e2bf0155215fetrawick
50cfe8bbbaf4279375802531268e2bf0155215fetrawick/*
5cb0075c38fc868730c4981e346845dad6c7ea58chrisd * Decodes a '%' escaped string, and returns the number of characters
5cb0075c38fc868730c4981e346845dad6c7ea58chrisd */
5cb0075c38fc868730c4981e346845dad6c7ea58chrisdstatic int decodeenc(char *x)
5cb0075c38fc868730c4981e346845dad6c7ea58chrisd{
ffaa9771884a8664f0e6267efbe9d26b40000461trawick int i, j, ch;
ffaa9771884a8664f0e6267efbe9d26b40000461trawick
ffaa9771884a8664f0e6267efbe9d26b40000461trawick if (x[0] == '\0')
ffaa9771884a8664f0e6267efbe9d26b40000461trawick return 0; /* special case for no characters */
f87299dab99bc04b51a6b8cad51b6795db862c0atrawick for (i = 0, j = 0; x[i] != '\0'; i++, j++) {
f87299dab99bc04b51a6b8cad51b6795db862c0atrawick /* decode it if not already done */
f87299dab99bc04b51a6b8cad51b6795db862c0atrawick ch = x[i];
4d12805e6c18253040223ea637acd6b3b3c18f60jorton if (ch == '%' && apr_isxdigit(x[i + 1]) && apr_isxdigit(x[i + 2])) {
4d12805e6c18253040223ea637acd6b3b3c18f60jorton ch = ap_proxy_hex2c(&x[i + 1]);
4d12805e6c18253040223ea637acd6b3b3c18f60jorton i += 2;
4d12805e6c18253040223ea637acd6b3b3c18f60jorton }
4d12805e6c18253040223ea637acd6b3b3c18f60jorton x[j] = ch;
e5d909f2b06bd880fb3675cd49363df981caa631trawick }
a4df2cd1e1391575a327c2a90ba4315f805a0a78covener x[j] = '\0';
a4df2cd1e1391575a327c2a90ba4315f805a0a78covener return j;
a4df2cd1e1391575a327c2a90ba4315f805a0a78covener}
cb666b29f81df1d11d65002250153353568021fccovener
cb666b29f81df1d11d65002250153353568021fccovener/*
cb666b29f81df1d11d65002250153353568021fccovener * Escape the globbing characters in a path used as argument to
6a80c3c6f4b8ea7ba5e89402b8b779b09ce020e0covener * the FTP commands (SIZE, CWD, RETR, MDTM, ...).
1c2cab00d988fc48cbe59032cf76cc0bab20d6f7covener * ftpd assumes '\\' as a quoting character to escape special characters.
6a80c3c6f4b8ea7ba5e89402b8b779b09ce020e0covener * Returns: escaped string
75a230a728338d84dcfe81edd375352f34de22d0covener */
75a230a728338d84dcfe81edd375352f34de22d0covener#define FTP_GLOBBING_CHARS "*?[{~"
75a230a728338d84dcfe81edd375352f34de22d0covenerstatic char *ftp_escape_globbingchars(apr_pool_t *p, const char *path)
1f50dc34ae069adeed20b2986e5ffdefa5c410e0covener{
1f50dc34ae069adeed20b2986e5ffdefa5c410e0covener char *ret = apr_palloc(p, 2*strlen(path)+sizeof(""));
1f50dc34ae069adeed20b2986e5ffdefa5c410e0covener char *d;
63a5ea80bddcc84a462e40f402b4f330e0e05411covener for (d = ret; *path; ++path) {
63a5ea80bddcc84a462e40f402b4f330e0e05411covener if (strchr(FTP_GLOBBING_CHARS, *path) != NULL)
63a5ea80bddcc84a462e40f402b4f330e0e05411covener *d++ = '\\';
63a5ea80bddcc84a462e40f402b4f330e0e05411covener *d++ = *path;
986f3ea2c314d4d4b3b937149853a0f23f6119aaminfrin }
986f3ea2c314d4d4b3b937149853a0f23f6119aaminfrin *d = '\0';
986f3ea2c314d4d4b3b937149853a0f23f6119aaminfrin return ret;
65a4e663b82f8bce28ac22ab2edfd7502de36998sf}
65a4e663b82f8bce28ac22ab2edfd7502de36998sf
65a4e663b82f8bce28ac22ab2edfd7502de36998sf/*
65a4e663b82f8bce28ac22ab2edfd7502de36998sf * Check for globbing characters in a path used as argument to
c7de1955eb0eaeabf7042902476397692672d549sf * the FTP commands (SIZE, CWD, RETR, MDTM, ...).
509622419be000045d461ef38fb97df778fdf81djailletc * ftpd assumes '\\' as a quoting character to escape special characters.
509622419be000045d461ef38fb97df778fdf81djailletc * Returns: 0 (no globbing chars, or all globbing chars escaped), 1 (globbing chars)
509622419be000045d461ef38fb97df778fdf81djailletc */
509622419be000045d461ef38fb97df778fdf81djailletcstatic int ftp_check_globbingchars(const char *path)
0b9de55d178312ec929dbe417dd61199b269991djailletc{
0b9de55d178312ec929dbe417dd61199b269991djailletc for ( ; *path; ++path) {
0b9de55d178312ec929dbe417dd61199b269991djailletc if (*path == '\\')
0b9de55d178312ec929dbe417dd61199b269991djailletc ++path;
74e7f6c55fd67b10cb400b3f6d1dc718a303d944minfrin if (path != '\0' && strchr(FTP_GLOBBING_CHARS, *path) != NULL)
74e7f6c55fd67b10cb400b3f6d1dc718a303d944minfrin return TRUE;
74e7f6c55fd67b10cb400b3f6d1dc718a303d944minfrin }
74e7f6c55fd67b10cb400b3f6d1dc718a303d944minfrin return FALSE;
a511a29faf2ff7ead3b67680154a624effb31aafminfrin}
a511a29faf2ff7ead3b67680154a624effb31aafminfrin
a511a29faf2ff7ead3b67680154a624effb31aafminfrin/*
a511a29faf2ff7ead3b67680154a624effb31aafminfrin * checks an encoded ftp string for bad characters, namely, CR, LF or
a511a29faf2ff7ead3b67680154a624effb31aafminfrin * non-ascii character
63921358ef93fcb41bc71d9894221ba3d7fbb87bminfrin */
63921358ef93fcb41bc71d9894221ba3d7fbb87bminfrinstatic int ftp_check_string(const char *x)
63921358ef93fcb41bc71d9894221ba3d7fbb87bminfrin{
deec48c67d4786bc77112ffbf3a4e70b931097edminfrin int i, ch = 0;
6d601599d3d65df0410eae6e573e75b2dbfb1fb4minfrin#if APR_CHARSET_EBCDIC
6d601599d3d65df0410eae6e573e75b2dbfb1fb4minfrin char buf[1];
6d601599d3d65df0410eae6e573e75b2dbfb1fb4minfrin#endif
6d601599d3d65df0410eae6e573e75b2dbfb1fb4minfrin
4c02bab56a528a180bbe394d8b6e6fd9c1a3ac1esf for (i = 0; x[i] != '\0'; i++) {
4c02bab56a528a180bbe394d8b6e6fd9c1a3ac1esf ch = x[i];
4c02bab56a528a180bbe394d8b6e6fd9c1a3ac1esf if (ch == '%' && apr_isxdigit(x[i + 1]) && apr_isxdigit(x[i + 2])) {
4c02bab56a528a180bbe394d8b6e6fd9c1a3ac1esf ch = ap_proxy_hex2c(&x[i + 1]);
2c487ac43b583db869e743772a7a10b278aa2bcfminfrin i += 2;
684e0cfc200f66287a93bbd1708d1dd8a92a7eefcovener }
684e0cfc200f66287a93bbd1708d1dd8a92a7eefcovener#if !APR_CHARSET_EBCDIC
5c43d2fb853f84497b5ece2d414ef9484aa87e5fsf if (ch == '\015' || ch == '\012' || (ch & 0x80))
05a5a9c3e16f21566e1b61f4bd68025ce1b741ccjoes#else /* APR_CHARSET_EBCDIC */
05a5a9c3e16f21566e1b61f4bd68025ce1b741ccjoes if (ch == '\r' || ch == '\n')
ef82e8fa164e0a1f8b813f7deb6b7ead96018c94niq return 0;
26c5829347f6a355c00f1ba0301d575056b69536niq buf[0] = ch;
ef82e8fa164e0a1f8b813f7deb6b7ead96018c94niq ap_xlate_proto_to_ascii(buf, 1);
ef82e8fa164e0a1f8b813f7deb6b7ead96018c94niq if (buf[0] & 0x80)
ef82e8fa164e0a1f8b813f7deb6b7ead96018c94niq#endif /* APR_CHARSET_EBCDIC */
ef82e8fa164e0a1f8b813f7deb6b7ead96018c94niq return 0;
ef82e8fa164e0a1f8b813f7deb6b7ead96018c94niq }
ef82e8fa164e0a1f8b813f7deb6b7ead96018c94niq return 1;
413ee814748f37be168ff12407fa6dba0ceeabe6trawick}
c12917da693bae4028a1d5a5e8224bceed8c739dsf
c12917da693bae4028a1d5a5e8224bceed8c739dsf/*
eafcc0ebf263d0ba69855b6e10958c4c1a2361bdsf * Canonicalise ftp URLs.
eafcc0ebf263d0ba69855b6e10958c4c1a2361bdsf */
eafcc0ebf263d0ba69855b6e10958c4c1a2361bdsfint ap_proxy_ftp_canon(request_rec *r, char *url)
eafcc0ebf263d0ba69855b6e10958c4c1a2361bdsf{
eafcc0ebf263d0ba69855b6e10958c4c1a2361bdsf char *user, *password, *host, *path, *parms, *strp, sport[7];
d7ffd2da16d58b1a0de212e4d56f7aebb72bef26sf apr_pool_t *p = r->pool;
d7ffd2da16d58b1a0de212e4d56f7aebb72bef26sf const char *err;
d7ffd2da16d58b1a0de212e4d56f7aebb72bef26sf apr_port_t port, def_port;
4576c1a9ef54cd1e5555ee07d016a7f559f80338sf
4576c1a9ef54cd1e5555ee07d016a7f559f80338sf /* */
4576c1a9ef54cd1e5555ee07d016a7f559f80338sf if (strncasecmp(url, "ftp:", 4) == 0) {
9811aed12bbc71783d2e544ccb5fecd193843eadsf url += 4;
9811aed12bbc71783d2e544ccb5fecd193843eadsf }
9811aed12bbc71783d2e544ccb5fecd193843eadsf else {
1366443dc565c33e7b449ae428bbfc4c86f33935drh return DECLINED;
1366443dc565c33e7b449ae428bbfc4c86f33935drh }
88fac54d9d64f85bbdab5d7010816f4377f95bd7rjung def_port = apr_uri_port_of_scheme("ftp");
88fac54d9d64f85bbdab5d7010816f4377f95bd7rjung
bd3f5647b96d378d9c75c954e3f13582af32c643sf ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
bd3f5647b96d378d9c75c954e3f13582af32c643sf "proxy: FTP: canonicalising URL %s", url);
bd3f5647b96d378d9c75c954e3f13582af32c643sf
bd3f5647b96d378d9c75c954e3f13582af32c643sf port = def_port;
bd3f5647b96d378d9c75c954e3f13582af32c643sf err = ap_proxy_canon_netloc(p, &url, &user, &password, &host, &port);
2a7beea91d46beb41f043a84eaad060047ee04aafabien if (err)
2a7beea91d46beb41f043a84eaad060047ee04aafabien return HTTP_BAD_REQUEST;
2a7beea91d46beb41f043a84eaad060047ee04aafabien if (user != NULL && !ftp_check_string(user))
2a7beea91d46beb41f043a84eaad060047ee04aafabien return HTTP_BAD_REQUEST;
584a85dd4047e38d3ed3a29b6662fcc9d100ae4csf if (password != NULL && !ftp_check_string(password))
584a85dd4047e38d3ed3a29b6662fcc9d100ae4csf return HTTP_BAD_REQUEST;
584a85dd4047e38d3ed3a29b6662fcc9d100ae4csf
f21e9e3d0bfb7a507ecc5bc963f2159d693503d1sf /* now parse path/parameters args, according to rfc1738 */
f21e9e3d0bfb7a507ecc5bc963f2159d693503d1sf /*
f21e9e3d0bfb7a507ecc5bc963f2159d693503d1sf * N.B. if this isn't a true proxy request, then the URL path (but not
f6b9c755a0b793e8a3a3aebd327ca20a86478117sf * query args) has already been decoded. This gives rise to the problem
f6b9c755a0b793e8a3a3aebd327ca20a86478117sf * of a ; being decoded into the path.
f6b9c755a0b793e8a3a3aebd327ca20a86478117sf */
132ee6ac1c26d6e8953836316ba50734eefab47bsf strp = strchr(url, ';');
132ee6ac1c26d6e8953836316ba50734eefab47bsf if (strp != NULL) {
132ee6ac1c26d6e8953836316ba50734eefab47bsf *(strp++) = '\0';
85eacfc96a04547ef25aabbc06440039715084c2jorton parms = ap_proxy_canonenc(p, strp, strlen(strp), enc_parm,
85eacfc96a04547ef25aabbc06440039715084c2jorton r->proxyreq);
85eacfc96a04547ef25aabbc06440039715084c2jorton if (parms == NULL)
536d2e7cd1fdec1255b8c3bdf41fdc714c506a54trawick return HTTP_BAD_REQUEST;
536d2e7cd1fdec1255b8c3bdf41fdc714c506a54trawick }
536d2e7cd1fdec1255b8c3bdf41fdc714c506a54trawick else
536d2e7cd1fdec1255b8c3bdf41fdc714c506a54trawick parms = "";
79c5787b92ac5f0e1cc82393816c77a006399316trawick
79c5787b92ac5f0e1cc82393816c77a006399316trawick path = ap_proxy_canonenc(p, url, strlen(url), enc_path, r->proxyreq);
79c5787b92ac5f0e1cc82393816c77a006399316trawick if (path == NULL)
79c5787b92ac5f0e1cc82393816c77a006399316trawick return HTTP_BAD_REQUEST;
c967bf3bc89e8aa60dbd30d9da388e448ddc1cc4trawick if (!ftp_check_string(path))
79c5787b92ac5f0e1cc82393816c77a006399316trawick return HTTP_BAD_REQUEST;
79c5787b92ac5f0e1cc82393816c77a006399316trawick
79c5787b92ac5f0e1cc82393816c77a006399316trawick if (r->proxyreq && r->args != NULL) {
79c5787b92ac5f0e1cc82393816c77a006399316trawick if (strp != NULL) {
79c5787b92ac5f0e1cc82393816c77a006399316trawick strp = ap_proxy_canonenc(p, r->args, strlen(r->args), enc_parm, 1);
7b395e4e878c28a4784919cfd2e704ddd14a3390jorton if (strp == NULL)
7b395e4e878c28a4784919cfd2e704ddd14a3390jorton return HTTP_BAD_REQUEST;
7b395e4e878c28a4784919cfd2e704ddd14a3390jorton parms = apr_pstrcat(p, parms, "?", strp, NULL);
7b395e4e878c28a4784919cfd2e704ddd14a3390jorton }
536e48c08d674acac5d44929318f2ad928edc361jorton else {
536e48c08d674acac5d44929318f2ad928edc361jorton strp = ap_proxy_canonenc(p, r->args, strlen(r->args), enc_fpath, 1);
e81785da447b469da66f218b3f0244aab507958djorton if (strp == NULL)
e81785da447b469da66f218b3f0244aab507958djorton return HTTP_BAD_REQUEST;
3e4e54d4e3fc0123c63d57aa84ac7ad7a8c73ff8jorton path = apr_pstrcat(p, path, "?", strp, NULL);
3e4e54d4e3fc0123c63d57aa84ac7ad7a8c73ff8jorton }
3e4e54d4e3fc0123c63d57aa84ac7ad7a8c73ff8jorton r->args = NULL;
53e9b27aba029b18be814df40bcf6f0428771d1efuankg }
53e9b27aba029b18be814df40bcf6f0428771d1efuankg
53e9b27aba029b18be814df40bcf6f0428771d1efuankg/* now, rebuild URL */
53e9b27aba029b18be814df40bcf6f0428771d1efuankg
53e9b27aba029b18be814df40bcf6f0428771d1efuankg if (port != def_port)
6bb524f1895f30265a1431afc460977d391cb36bsf apr_snprintf(sport, sizeof(sport), ":%d", port);
6bb524f1895f30265a1431afc460977d391cb36bsf else
ca61ccd0c306c2c72df153688ba1b49f3eceed80sf sport[0] = '\0';
6bb524f1895f30265a1431afc460977d391cb36bsf
e6dd71992459d05a676b98b7963423dc5dc1e24aminfrin r->filename = apr_pstrcat(p, "proxy:ftp://", (user != NULL) ? user : "",
e6dd71992459d05a676b98b7963423dc5dc1e24aminfrin (password != NULL) ? ":" : "",
e6dd71992459d05a676b98b7963423dc5dc1e24aminfrin (password != NULL) ? password : "",
e6dd71992459d05a676b98b7963423dc5dc1e24aminfrin (user != NULL) ? "@" : "", host, sport, "/", path,
23f1535d6a60817d2846bac0aea230ea475d7dccminfrin (parms[0] != '\0') ? ";" : "", parms, NULL);
23f1535d6a60817d2846bac0aea230ea475d7dccminfrin
23f1535d6a60817d2846bac0aea230ea475d7dccminfrin return OK;
23f1535d6a60817d2846bac0aea230ea475d7dccminfrin}
ec7520b24cd80d34d82bbcaca153cbb23cc04bc0rjung
ec7520b24cd80d34d82bbcaca153cbb23cc04bc0rjung/* we chop lines longer than 80 characters */
ec7520b24cd80d34d82bbcaca153cbb23cc04bc0rjung#define MAX_LINE_LEN 80
ec7520b24cd80d34d82bbcaca153cbb23cc04bc0rjung
ec7520b24cd80d34d82bbcaca153cbb23cc04bc0rjung/*
ec7520b24cd80d34d82bbcaca153cbb23cc04bc0rjung * Reads response lines, returns both the ftp status code and
ec7520b24cd80d34d82bbcaca153cbb23cc04bc0rjung * remembers the response message in the supplied buffer
ec7520b24cd80d34d82bbcaca153cbb23cc04bc0rjung */
6249dfa569d3b4f1f539665b979a80c6e335d93etrawickstatic int ftp_getrc_msg(conn_rec *ftp_ctrl, apr_bucket_brigade *bb, char *msgbuf, int msglen)
6249dfa569d3b4f1f539665b979a80c6e335d93etrawick{
0827cb14e550f6f65018431c22c2c913631c8f25kbrand int status;
6249dfa569d3b4f1f539665b979a80c6e335d93etrawick char response[MAX_LINE_LEN];
ae600ca541efc686b34f8b1f21bd3d0741d37674covener char buff[5];
6249dfa569d3b4f1f539665b979a80c6e335d93etrawick char *mb = msgbuf, *me = &msgbuf[msglen];
cfa64348224b66dd1c9979b809406c4d15b1c137fielding apr_status_t rv;
74499a117b3b2cd9666715a14f90c0e5d1a4ee8ajim int eos;
cfa64348224b66dd1c9979b809406c4d15b1c137fielding
74499a117b3b2cd9666715a14f90c0e5d1a4ee8ajim if (APR_SUCCESS != (rv = ap_proxy_string_read(ftp_ctrl, bb, response, sizeof(response), &eos))) {
cfa64348224b66dd1c9979b809406c4d15b1c137fielding return -1;
74499a117b3b2cd9666715a14f90c0e5d1a4ee8ajim }
cfa64348224b66dd1c9979b809406c4d15b1c137fielding/*
74499a117b3b2cd9666715a14f90c0e5d1a4ee8ajim ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, NULL,
cfa64348224b66dd1c9979b809406c4d15b1c137fielding "proxy: <FTP: %s", response);
*/
if (!apr_isdigit(response[0]) || !apr_isdigit(response[1]) ||
!apr_isdigit(response[2]) || (response[3] != ' ' && response[3] != '-'))
status = 0;
else
status = 100 * response[0] + 10 * response[1] + response[2] - 111 * '0';
mb = apr_cpystrn(mb, response + 4, me - mb);
if (response[3] == '-') {
memcpy(buff, response, 3);
buff[3] = ' ';
do {
if (APR_SUCCESS != (rv = ap_proxy_string_read(ftp_ctrl, bb, response, sizeof(response), &eos))) {
return -1;
}
mb = apr_cpystrn(mb, response + (' ' == response[0] ? 1 : 4), me - mb);
} while (memcmp(response, buff, 4) != 0);
}
return status;
}
/* this is a filter that turns a raw ASCII directory listing into pretty HTML */
/* ideally, mod_proxy should simply send the raw directory list up the filter
* stack to mod_autoindex, which in theory should turn the raw ascii into
* pretty html along with all the bells and whistles it provides...
*
* all in good time...! :)
*/
typedef struct {
apr_bucket_brigade *in;
char buffer[MAX_STRING_LEN];
enum {
HEADER, BODY, FOOTER
} state;
} proxy_dir_ctx_t;
apr_status_t ap_proxy_send_dir_filter(ap_filter_t *f, apr_bucket_brigade *in)
{
request_rec *r = f->r;
conn_rec *c = r->connection;
apr_pool_t *p = r->pool;
apr_bucket_brigade *out = apr_brigade_create(p, c->bucket_alloc);
apr_status_t rv;
register int n;
char *dir, *path, *reldir, *site, *str, *type;
const char *pwd = apr_table_get(r->notes, "Directory-PWD");
const char *readme = apr_table_get(r->notes, "Directory-README");
proxy_dir_ctx_t *ctx = f->ctx;
if (!ctx) {
f->ctx = ctx = apr_pcalloc(p, sizeof(*ctx));
ctx->in = apr_brigade_create(p, c->bucket_alloc);
ctx->buffer[0] = 0;
ctx->state = HEADER;
}
/* combine the stored and the new */
APR_BRIGADE_CONCAT(ctx->in, in);
if (HEADER == ctx->state) {
/* basedir is either "", or "/%2f" for the "squid %2f hack" */
const char *basedir = ""; /* By default, path is relative to the $HOME dir */
char *wildcard = NULL;
/* Save "scheme://site" prefix without password */
site = apr_uri_unparse(p, &f->r->parsed_uri, APR_URI_UNP_OMITPASSWORD | APR_URI_UNP_OMITPATHINFO);
/* ... and path without query args */
path = apr_uri_unparse(p, &f->r->parsed_uri, APR_URI_UNP_OMITSITEPART | APR_URI_UNP_OMITQUERY);
/* If path began with /%2f, change the basedir */
if (strncasecmp(path, "/%2f", 4) == 0) {
basedir = "/%2f";
}
/* Strip off a type qualifier. It is ignored for dir listings */
if ((type = strstr(path, ";type=")) != NULL)
*type++ = '\0';
(void)decodeenc(path);
while (path[1] == '/') /* collapse multiple leading slashes to one */
++path;
reldir = strrchr(path, '/');
if (reldir != NULL && ftp_check_globbingchars(reldir)) {
wildcard = &reldir[1];
reldir[0] = '\0'; /* strip off the wildcard suffix */
}
/* Copy path, strip (all except the last) trailing slashes */
/* (the trailing slash is needed for the dir component loop below) */
path = dir = apr_pstrcat(p, path, "/", NULL);
for (n = strlen(path); n > 1 && path[n - 1] == '/' && path[n - 2] == '/'; --n)
path[n - 1] = '\0';
/* Add a link to the root directory (if %2f hack was used) */
str = (basedir[0] != '\0') ? "<a href=\"/%2f/\">%2f</a>/" : "";
/* print "ftp://host/" */
str = apr_psprintf(p, DOCTYPE_HTML_3_2
"<html>\n <head>\n <title>%s%s%s</title>\n"
" <base href=\"%s%s%s\">\n </head>\n"
" <body>\n <h2>Directory of "
"<a href=\"/\">%s</a>/%s",
site, basedir, ap_escape_html(p, path),
site, basedir, ap_escape_uri(p, path),
site, str);
APR_BRIGADE_INSERT_TAIL(out, apr_bucket_pool_create(str, strlen(str),
p, c->bucket_alloc));
for (dir = path+1; (dir = strchr(dir, '/')) != NULL; )
{
*dir = '\0';
if ((reldir = strrchr(path+1, '/'))==NULL) {
reldir = path+1;
}
else
++reldir;
/* print "path/" component */
str = apr_psprintf(p, "<a href=\"%s%s/\">%s</a>/", basedir,
ap_escape_uri(p, path),
ap_escape_html(p, reldir));
*dir = '/';
while (*dir == '/')
++dir;
APR_BRIGADE_INSERT_TAIL(out, apr_bucket_pool_create(str,
strlen(str), p,
c->bucket_alloc));
}
if (wildcard != NULL) {
APR_BRIGADE_INSERT_TAIL(out, apr_bucket_pool_create(wildcard,
strlen(wildcard), p,
c->bucket_alloc));
}
/* If the caller has determined the current directory, and it differs */
/* from what the client requested, then show the real name */
if (pwd == NULL || strncmp(pwd, path, strlen(pwd)) == 0) {
str = apr_psprintf(p, "</h2>\n\n <hr />\n\n<pre>");
}
else {
str = apr_psprintf(p, "</h2>\n\n(%s)\n\n <hr />\n\n<pre>",
ap_escape_html(p, pwd));
}
APR_BRIGADE_INSERT_TAIL(out, apr_bucket_pool_create(str, strlen(str),
p, c->bucket_alloc));
/* print README */
if (readme) {
str = apr_psprintf(p, "%s\n</pre>\n\n<hr />\n\n<pre>\n",
ap_escape_html(p, readme));
APR_BRIGADE_INSERT_TAIL(out, apr_bucket_pool_create(str,
strlen(str), p,
c->bucket_alloc));
}
/* make sure page intro gets sent out */
APR_BRIGADE_INSERT_TAIL(out, apr_bucket_flush_create(c->bucket_alloc));
if (APR_SUCCESS != (rv = ap_pass_brigade(f->next, out))) {
return rv;
}
apr_brigade_cleanup(out);
ctx->state = BODY;
}
/* loop through each line of directory */
while (BODY == ctx->state) {
char *filename;
int found = 0;
int eos = 0;
regex_t *re = NULL;
regmatch_t re_result[3];
/* Compile the output format of "ls -s1" as a fallback for non-unix ftp listings */
re = ap_pregcomp(p, "^ *([0-9]+) +([^ ]+)$", REG_EXTENDED);
/* get a complete line */
/* if the buffer overruns - throw data away */
while (!found && !APR_BRIGADE_EMPTY(ctx->in)) {
char *pos, *response;
apr_size_t len, max;
apr_bucket *e;
e = APR_BRIGADE_FIRST(ctx->in);
if (APR_BUCKET_IS_EOS(e)) {
eos = 1;
break;
}
if (APR_SUCCESS != (rv = apr_bucket_read(e, (const char **)&response, &len, APR_BLOCK_READ))) {
return rv;
}
pos = memchr(response, APR_ASCII_LF, len);
if (pos != NULL) {
if ((response + len) != (pos + 1)) {
len = pos - response + 1;
apr_bucket_split(e, pos - response + 1);
}
found = 1;
}
max = sizeof(ctx->buffer) - strlen(ctx->buffer) - 1;
if (len > max) {
len = max;
}
/* len+1 to leave space for the trailing nil char */
apr_cpystrn(ctx->buffer+strlen(ctx->buffer), response, len+1);
APR_BUCKET_REMOVE(e);
apr_bucket_destroy(e);
}
/* EOS? jump to footer */
if (eos) {
ctx->state = FOOTER;
break;
}
/* not complete? leave and try get some more */
if (!found) {
return APR_SUCCESS;
}
{
apr_size_t n = strlen(ctx->buffer);
if (ctx->buffer[n-1] == CRLF[1]) /* strip trailing '\n' */
ctx->buffer[--n] = '\0';
if (ctx->buffer[n-1] == CRLF[0]) /* strip trailing '\r' if present */
ctx->buffer[--n] = '\0';
}
/* a symlink? */
if (ctx->buffer[0] == 'l' && (filename = strstr(ctx->buffer, " -> ")) != NULL) {
char *link_ptr = filename;
do {
filename--;
} while (filename[0] != ' ' && filename > ctx->buffer);
if (filename > ctx->buffer)
*(filename++) = '\0';
*(link_ptr++) = '\0';
str = apr_psprintf(p, "%s <a href=\"%s\">%s %s</a>\n",
ap_escape_html(p, ctx->buffer),
ap_escape_uri(p, filename),
ap_escape_html(p, filename),
ap_escape_html(p, link_ptr));
}
/* a directory/file? */
else if (ctx->buffer[0] == 'd' || ctx->buffer[0] == '-' || ctx->buffer[0] == 'l' || apr_isdigit(ctx->buffer[0])) {
int searchidx = 0;
char *searchptr = NULL;
int firstfile = 1;
if (apr_isdigit(ctx->buffer[0])) { /* handle DOS dir */
searchptr = strchr(ctx->buffer, '<');
if (searchptr != NULL)
*searchptr = '[';
searchptr = strchr(ctx->buffer, '>');
if (searchptr != NULL)
*searchptr = ']';
}
filename = strrchr(ctx->buffer, ' ');
*(filename++) = '\0';
/* handle filenames with spaces in 'em */
if (!strcmp(filename, ".") || !strcmp(filename, "..") || firstfile) {
firstfile = 0;
searchidx = filename - ctx->buffer;
}
else if (searchidx != 0 && ctx->buffer[searchidx] != 0) {
*(--filename) = ' ';
ctx->buffer[searchidx - 1] = '\0';
filename = &ctx->buffer[searchidx];
}
/* Append a slash to the HREF link for directories */
if (!strcmp(filename, ".") || !strcmp(filename, "..") || ctx->buffer[0] == 'd') {
str = apr_psprintf(p, "%s <a href=\"%s/\">%s</a>\n",
ap_escape_html(p, ctx->buffer),
ap_escape_uri(p, filename),
ap_escape_html(p, filename));
}
else {
str = apr_psprintf(p, "%s <a href=\"%s\">%s</a>\n",
ap_escape_html(p, ctx->buffer),
ap_escape_uri(p, filename),
ap_escape_html(p, filename));
}
}
/* Try a fallback for listings in the format of "ls -s1" */
else if (0 == ap_regexec(re, ctx->buffer, 3, re_result, 0)) {
filename = apr_pstrndup(p, &ctx->buffer[re_result[2].rm_so], re_result[2].rm_eo - re_result[2].rm_so);
str = apr_pstrcat(p, ap_escape_html(p, apr_pstrndup(p, ctx->buffer, re_result[2].rm_so)),
"<a href=\"", ap_escape_uri(p, filename), "\">",
ap_escape_html(p, filename), "</a>\n", NULL);
}
else {
strcat(ctx->buffer, "\n"); /* re-append the newline */
str = ap_escape_html(p, ctx->buffer);
}
/* erase buffer for next time around */
ctx->buffer[0] = 0;
APR_BRIGADE_INSERT_TAIL(out, apr_bucket_pool_create(str, strlen(str), p,
c->bucket_alloc));
APR_BRIGADE_INSERT_TAIL(out, apr_bucket_flush_create(c->bucket_alloc));
if (APR_SUCCESS != (rv = ap_pass_brigade(f->next, out))) {
return rv;
}
apr_brigade_cleanup(out);
}
if (FOOTER == ctx->state) {
str = apr_psprintf(p, "</pre>\n\n <hr />\n\n %s\n\n </body>\n</html>\n", ap_psignature("", r));
APR_BRIGADE_INSERT_TAIL(out, apr_bucket_pool_create(str, strlen(str), p,
c->bucket_alloc));
APR_BRIGADE_INSERT_TAIL(out, apr_bucket_flush_create(c->bucket_alloc));
APR_BRIGADE_INSERT_TAIL(out, apr_bucket_eos_create(c->bucket_alloc));
if (APR_SUCCESS != (rv = ap_pass_brigade(f->next, out))) {
return rv;
}
apr_brigade_destroy(out);
}
return APR_SUCCESS;
}
/*
* Generic "send FTP command to server" routine, using the control socket.
* Returns the FTP returncode (3 digit code)
* Allows for tracing the FTP protocol (in LogLevel debug)
*/
static int
proxy_ftp_command(const char *cmd, request_rec *r, conn_rec *ftp_ctrl,
apr_bucket_brigade *bb, char **pmessage)
{
char *crlf;
int rc;
char message[HUGE_STRING_LEN];
/* If cmd == NULL, we retrieve the next ftp response line */
if (cmd != NULL) {
conn_rec *c = r->connection;
APR_BRIGADE_INSERT_TAIL(bb, apr_bucket_pool_create(cmd, strlen(cmd), r->pool, c->bucket_alloc));
APR_BRIGADE_INSERT_TAIL(bb, apr_bucket_flush_create(c->bucket_alloc));
ap_pass_brigade(ftp_ctrl->output_filters, bb);
/* strip off the CRLF for logging */
apr_cpystrn(message, cmd, sizeof(message));
if ((crlf = strchr(message, '\r')) != NULL ||
(crlf = strchr(message, '\n')) != NULL)
*crlf = '\0';
if (strncmp(message,"PASS ", 5) == 0)
strcpy(&message[5], "****");
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy:>FTP: %s", message);
}
rc = ftp_getrc_msg(ftp_ctrl, bb, message, sizeof message);
if (rc == -1 || rc == 421)
strcpy(message,"<unable to read result>");
if ((crlf = strchr(message, '\r')) != NULL ||
(crlf = strchr(message, '\n')) != NULL)
*crlf = '\0';
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy:<FTP: %3.3u %s", rc, message);
if (pmessage != NULL)
*pmessage = apr_pstrdup(r->pool, message);
return rc;
}
/* Set ftp server to TYPE {A,I,E} before transfer of a directory or file */
static int ftp_set_TYPE(char xfer_type, request_rec *r, conn_rec *ftp_ctrl,
apr_bucket_brigade *bb, char **pmessage)
{
char old_type[2] = { 'A', '\0' }; /* After logon, mode is ASCII */
int ret = HTTP_OK;
int rc;
/* set desired type */
old_type[0] = xfer_type;
rc = proxy_ftp_command(apr_pstrcat(r->pool, "TYPE ", old_type, CRLF, NULL),
r, ftp_ctrl, bb, pmessage);
/* responses: 200, 421, 500, 501, 504, 530 */
/* 200 Command okay. */
/* 421 Service not available, closing control connection. */
/* 500 Syntax error, command unrecognized. */
/* 501 Syntax error in parameters or arguments. */
/* 504 Command not implemented for that parameter. */
/* 530 Not logged in. */
if (rc == -1 || rc == 421) {
ret = ap_proxyerror(r, HTTP_BAD_GATEWAY,
"Error reading from remote server");
}
else if (rc != 200 && rc != 504) {
ret = ap_proxyerror(r, HTTP_BAD_GATEWAY,
"Unable to set transfer type");
}
/* Allow not implemented */
else if (rc == 504)
/* ignore it silently */;
return ret;
}
/* Return the current directory which we have selected on the FTP server, or NULL */
static char *ftp_get_PWD(request_rec *r, conn_rec *ftp_ctrl, apr_bucket_brigade *bb)
{
char *cwd = NULL;
char *ftpmessage = NULL;
/* responses: 257, 500, 501, 502, 421, 550 */
/* 257 "<directory-name>" <commentary> */
/* 421 Service not available, closing control connection. */
/* 500 Syntax error, command unrecognized. */
/* 501 Syntax error in parameters or arguments. */
/* 502 Command not implemented. */
/* 550 Requested action not taken. */
switch (proxy_ftp_command("PWD" CRLF, r, ftp_ctrl, bb, &ftpmessage)) {
case -1:
case 421:
case 550:
ap_proxyerror(r, HTTP_BAD_GATEWAY,
"Failed to read PWD on ftp server");
break;
case 257: {
const char *dirp = ftpmessage;
cwd = ap_getword_conf(r->pool, &dirp);
}
}
return cwd;
}
/* Common routine for failed authorization (i.e., missing or wrong password)
* to an ftp service. This causes most browsers to retry the request
* with username and password (which was presumably queried from the user)
* supplied in the Authorization: header.
* Note that we "invent" a realm name which consists of the
* ftp://user@host part of the reqest (sans password -if supplied but invalid-)
*/
static int ftp_unauthorized(request_rec *r, int log_it)
{
r->proxyreq = PROXYREQ_NONE;
/*
* Log failed requests if they supplied a password (log username/password
* guessing attempts)
*/
if (log_it)
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
"proxy: missing or failed auth to %s",
apr_uri_unparse(r->pool,
&r->parsed_uri, APR_URI_UNP_OMITPATHINFO));
apr_table_setn(r->err_headers_out, "WWW-Authenticate",
apr_pstrcat(r->pool, "Basic realm=\"",
apr_uri_unparse(r->pool, &r->parsed_uri,
APR_URI_UNP_OMITPASSWORD | APR_URI_UNP_OMITPATHINFO),
"\"", NULL));
return HTTP_UNAUTHORIZED;
}
/*
* Handles direct access of ftp:// URLs
* Original (Non-PASV) version from
* Troy Morrison <spiffnet@zoom.com>
* PASV added by Chuck
* Filters by [Graham Leggett <minfrin@sharp.fm>]
*/
int ap_proxy_ftp_handler(request_rec *r, proxy_server_conf *conf,
char *url, const char *proxyhost,
apr_port_t proxyport)
{
apr_pool_t *p = r->pool;
conn_rec *c = r->connection;
proxy_conn_rec *backend;
apr_socket_t *sock, *local_sock, *data_sock = NULL;
apr_sockaddr_t *connect_addr;
apr_status_t rv;
conn_rec *origin, *data = NULL;
int err;
apr_bucket_brigade *bb = apr_brigade_create(p, c->bucket_alloc);
char *buf, *connectname;
apr_port_t connectport;
char buffer[MAX_STRING_LEN];
char *ftpmessage = NULL;
char *path, *strp, *type_suffix, *cwd = NULL;
char *user = NULL;
/* char *account = NULL; how to supply an account in a URL? */
const char *password = NULL;
int len, rc;
int one = 1;
char *size = NULL;
apr_socket_t *origin_sock = NULL;
char xfer_type = 'A'; /* after ftp login, the default is ASCII */
int dirlisting = 0;
#if defined(USE_MDTM) && (defined(HAVE_TIMEGM) || defined(HAVE_GMTOFF))
apr_time_t mtime = 0L;
#endif
/* stuff for PASV mode */
int connect = 0, use_port = 0;
char dates[APR_RFC822_DATE_LEN];
/* is this for us? */
if (proxyhost) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: declining URL %s - proxyhost %s specified:", url, proxyhost);
return DECLINED; /* proxy connections are via HTTP */
}
if (strncasecmp(url, "ftp:", 4)) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: declining URL %s - not ftp:", url);
return DECLINED; /* only interested in FTP */
}
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: serving URL %s", url);
/* create space for state information */
backend = (proxy_conn_rec *) ap_get_module_config(c->conn_config, &proxy_ftp_module);
if (!backend) {
backend = apr_pcalloc(c->pool, sizeof(proxy_conn_rec));
backend->connection = NULL;
backend->hostname = NULL;
backend->port = 0;
ap_set_module_config(c->conn_config, &proxy_ftp_module, backend);
}
if (backend->connection)
origin_sock = ap_get_module_config(backend->connection->conn_config, &core_module);
/*
* I: Who Do I Connect To? -----------------------
*
* Break up the URL to determine the host to connect to
*/
/* we only support GET and HEAD */
if (r->method_number != M_GET)
return HTTP_NOT_IMPLEMENTED;
/* We break the URL into host, port, path-search */
connectname = r->parsed_uri.hostname;
connectport = (r->parsed_uri.port != 0)
? r->parsed_uri.port
: apr_uri_port_of_scheme("ftp");
path = apr_pstrdup(p, r->parsed_uri.path);
path = (path != NULL && path[0] != '\0') ? &path[1] : "";
type_suffix = strchr(path, ';');
if (type_suffix != NULL)
*(type_suffix++) = '\0';
if (type_suffix != NULL && strncmp(type_suffix, "type=", 5) == 0
&& apr_isalpha(type_suffix[5])) {
/* "type=d" forces a dir listing.
* The other types (i|a|e) are directly used for the ftp TYPE command
*/
if ( ! (dirlisting = (apr_tolower(type_suffix[5]) == 'd')))
xfer_type = apr_toupper(type_suffix[5]);
/* Check valid types, rather than ignoring invalid types silently: */
if (strchr("AEI", xfer_type) == NULL)
return ap_proxyerror(r, HTTP_BAD_REQUEST, apr_pstrcat(r->pool,
"ftp proxy supports only types 'a', 'i', or 'e': \"",
type_suffix, "\" is invalid.", NULL));
}
else {
/* make binary transfers the default */
xfer_type = 'I';
}
/*
* The "Authorization:" header must be checked first. We allow the user
* to "override" the URL-coded user [ & password ] in the Browsers'
* User&Password Dialog. NOTE that this is only marginally more secure
* than having the password travel in plain as part of the URL, because
* Basic Auth simply uuencodes the plain text password. But chances are
* still smaller that the URL is logged regularly.
*/
if ((password = apr_table_get(r->headers_in, "Authorization")) != NULL
&& strcasecmp(ap_getword(r->pool, &password, ' '), "Basic") == 0
&& (password = ap_pbase64decode(r->pool, password))[0] != ':') {
/*
* Note that this allocation has to be made from r->connection->pool
* because it has the lifetime of the connection. The other
* allocations are temporary and can be tossed away any time.
*/
user = ap_getword_nulls(r->connection->pool, &password, ':');
r->ap_auth_type = "Basic";
r->user = r->parsed_uri.user = user;
}
else if ((user = r->parsed_uri.user) != NULL) {
user = apr_pstrdup(p, user);
decodeenc(user);
if ((password = r->parsed_uri.password) != NULL) {
char *tmp = apr_pstrdup(p, password);
decodeenc(tmp);
password = tmp;
}
}
else {
user = "anonymous";
password = "apache-proxy@";
}
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: connecting %s to %s:%d", url, connectname, connectport);
/* do a DNS lookup for the destination host */
err = apr_sockaddr_info_get(&connect_addr, connectname, APR_UNSPEC, connectport, 0, p);
/* check if ProxyBlock directive on this host */
if (OK != ap_proxy_checkproxyblock(r, conf, connect_addr)) {
return ap_proxyerror(r, HTTP_FORBIDDEN,
"Connect to remote machine blocked");
}
/*
* II: Make the Connection -----------------------
*
* We have determined who to connect to. Now make the connection.
*/
/*
* get all the possible IP addresses for the destname and loop through
* them until we get a successful connection
*/
if (APR_SUCCESS != err) {
return ap_proxyerror(r, HTTP_BAD_GATEWAY, apr_pstrcat(p,
"DNS lookup failure for: ",
connectname, NULL));
}
/*
* At this point we have a list of one or more IP addresses of the
* machine to connect to. If configured, reorder this list so that the
* "best candidate" is first try. "best candidate" could mean the least
* loaded server, the fastest responding server, whatever.
*
* For now we do nothing, ie we get DNS round robin. XXX FIXME
*/
/* try each IP address until we connect successfully */
{
int failed = 1;
while (connect_addr) {
if ((rv = apr_socket_create(&sock, connect_addr->family, SOCK_STREAM, r->pool)) != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
"proxy: FTP: error creating socket");
continue;
}
#if !defined(TPF) && !defined(BEOS)
if (conf->recv_buffer_size > 0
&& (rv = apr_socket_opt_set(sock, APR_SO_RCVBUF,
conf->recv_buffer_size))) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
"apr_socket_opt_set(APR_SO_RCVBUF): Failed to set ProxyReceiveBufferSize, using default");
}
#endif
if (APR_SUCCESS != (rv = apr_socket_opt_set(sock, APR_SO_REUSEADDR, one))) {
apr_socket_close(sock);
#ifndef _OSD_POSIX /* BS2000 has this option "always on" */
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
"proxy: FTP: error setting reuseaddr option: apr_socket_opt_set(APR_SO_REUSEADDR)");
continue;
#endif /* _OSD_POSIX */
}
/* Set a timeout on the socket */
if (conf->timeout_set == 1) {
apr_socket_timeout_set(sock, conf->timeout);
}
else {
apr_socket_timeout_set(sock, r->server->timeout);
}
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: fam %d socket created, trying to connect to %pI (%s)...",
connect_addr->family, connect_addr, connectname);
/* make the connection out of the socket */
rv = apr_connect(sock, connect_addr);
/* if an error occurred, loop round and try again */
if (rv != APR_SUCCESS) {
apr_socket_close(sock);
ap_log_error(APLOG_MARK, APLOG_ERR, rv, r->server,
"proxy: FTP: attempt to connect to %pI (%s) failed", connect_addr, connectname);
connect_addr = connect_addr->next;
continue;
}
/* if we get here, all is well */
failed = 0;
break;
}
/* handle a permanent error from the above loop */
if (failed) {
return ap_proxyerror(r, HTTP_BAD_GATEWAY, apr_psprintf(r->pool,
"Could not connect to remote machine: %s port %d",
connectname, connectport));
}
}
/* the socket is now open, create a new connection */
origin = ap_run_create_connection(p, r->server, sock, r->connection->id,
r->connection->sbh, c->bucket_alloc);
if (!origin) {
/*
* the peer reset the connection already; ap_run_create_connection() closed
* the socket
*/
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: an error occurred creating a new connection to %pI (%s)", connect_addr, connectname);
return HTTP_INTERNAL_SERVER_ERROR;
}
/* if a keepalive connection is floating around, close it first! */
/* we might support ftp keepalives later, but not now... */
if (backend->connection) {
apr_socket_close(origin_sock);
backend->connection = NULL;
origin_sock = NULL;
}
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: control connection complete");
/*
* III: Send Control Request -------------------------
*
* Log into the ftp server, send the username & password, change to the
* correct directory...
*/
/* set up the connection filters */
ap_run_pre_connection(origin, sock);
/* possible results: */
/* 120 Service ready in nnn minutes. */
/* 220 Service ready for new user. */
/* 421 Service not available, closing control connection. */
rc = proxy_ftp_command(NULL, r, origin, bb, &ftpmessage);
if (rc == -1 || rc == 421) {
return ap_proxyerror(r, HTTP_BAD_GATEWAY, "Error reading from remote server");
}
if (rc == 120) {
/*
* RFC2616 states: 14.37 Retry-After
*
* The Retry-After response-header field can be used with a 503 (Service
* Unavailable) response to indicate how long the service is expected
* to be unavailable to the requesting client. [...] The value of
* this field can be either an HTTP-date or an integer number of
* seconds (in decimal) after the time of the response. Retry-After
* = "Retry-After" ":" ( HTTP-date | delta-seconds )
*/
char *secs_str = ftpmessage;
time_t secs;
/* Look for a number, preceded by whitespace */
while (*secs_str)
if ((secs_str==ftpmessage || apr_isspace(secs_str[-1])) &&
apr_isdigit(secs_str[0]))
break;
if (*secs_str != '\0') {
secs = atol(secs_str);
apr_table_add(r->headers_out, "Retry-After",
apr_psprintf(p, "%lu", (unsigned long)(60 * secs)));
}
return ap_proxyerror(r, HTTP_SERVICE_UNAVAILABLE, ftpmessage);
}
if (rc != 220) {
return ap_proxyerror(r, HTTP_BAD_GATEWAY, ftpmessage);
}
rc = proxy_ftp_command(apr_pstrcat(p, "USER ", user, CRLF, NULL),
r, origin, bb, &ftpmessage);
/* possible results; 230, 331, 332, 421, 500, 501, 530 */
/* states: 1 - error, 2 - success; 3 - send password, 4,5 fail */
/* 230 User logged in, proceed. */
/* 331 User name okay, need password. */
/* 332 Need account for login. */
/* 421 Service not available, closing control connection. */
/* 500 Syntax error, command unrecognized. */
/* (This may include errors such as command line too long.) */
/* 501 Syntax error in parameters or arguments. */
/* 530 Not logged in. */
if (rc == -1 || rc == 421) {
return ap_proxyerror(r, HTTP_BAD_GATEWAY, "Error reading from remote server");
}
if (rc == 530) {
return ftp_unauthorized(r, 1); /* log it: user name guessing
* attempt? */
}
if (rc != 230 && rc != 331) {
return ap_proxyerror(r, HTTP_BAD_GATEWAY, ftpmessage);
}
if (rc == 331) { /* send password */
if (password == NULL) {
return ftp_unauthorized(r, 0);
}
rc = proxy_ftp_command(apr_pstrcat(p, "PASS ", password, CRLF, NULL),
r, origin, bb, &ftpmessage);
/* possible results 202, 230, 332, 421, 500, 501, 503, 530 */
/* 230 User logged in, proceed. */
/* 332 Need account for login. */
/* 421 Service not available, closing control connection. */
/* 500 Syntax error, command unrecognized. */
/* 501 Syntax error in parameters or arguments. */
/* 503 Bad sequence of commands. */
/* 530 Not logged in. */
if (rc == -1 || rc == 421) {
return ap_proxyerror(r, HTTP_BAD_GATEWAY,
"Error reading from remote server");
}
if (rc == 332) {
return ap_proxyerror(r, HTTP_UNAUTHORIZED,
apr_pstrcat(p, "Need account for login: ", ftpmessage, NULL));
}
/* @@@ questionable -- we might as well return a 403 Forbidden here */
if (rc == 530) {
return ftp_unauthorized(r, 1); /* log it: passwd guessing
* attempt? */
}
if (rc != 230 && rc != 202) {
return ap_proxyerror(r, HTTP_BAD_GATEWAY, ftpmessage);
}
}
apr_table_set(r->notes, "Directory-README", ftpmessage);
/* Special handling for leading "%2f": this enforces a "cwd /"
* out of the $HOME directory which was the starting point after login
*/
if (strncasecmp(path, "%2f", 3) == 0) {
path += 3;
while (*path == '/') /* skip leading '/' (after root %2f) */
++path;
rc = proxy_ftp_command("CWD /" CRLF, r, origin, bb, &ftpmessage);
if (rc == -1 || rc == 421)
return ap_proxyerror(r, HTTP_BAD_GATEWAY,
"Error reading from remote server");
}
/*
* set the directory (walk directory component by component): this is
* what we must do if we don't know the OS type of the remote machine
*/
for (;;) {
strp = strchr(path, '/');
if (strp == NULL)
break;
*strp = '\0';
len = decodeenc(path); /* Note! This decodes a %2f -> "/" */
if (strchr(path, '/')) { /* are there now any '/' characters? */
return ap_proxyerror(r, HTTP_BAD_REQUEST,
"Use of /%2f is only allowed at the base directory");
}
/* NOTE: FTP servers do globbing on the path.
* So we need to escape the URI metacharacters.
* We use a special glob-escaping routine to escape globbing chars.
* We could also have extended gen_test_char.c with a special T_ESCAPE_FTP_PATH
*/
rc = proxy_ftp_command(apr_pstrcat(p, "CWD ",
ftp_escape_globbingchars(p, path), CRLF, NULL),
r, origin, bb, &ftpmessage);
*strp = '/';
/* responses: 250, 421, 500, 501, 502, 530, 550 */
/* 250 Requested file action okay, completed. */
/* 421 Service not available, closing control connection. */
/* 500 Syntax error, command unrecognized. */
/* 501 Syntax error in parameters or arguments. */
/* 502 Command not implemented. */
/* 530 Not logged in. */
/* 550 Requested action not taken. */
if (rc == -1 || rc == 421) {
return ap_proxyerror(r, HTTP_BAD_GATEWAY,
"Error reading from remote server");
}
if (rc == 550) {
return ap_proxyerror(r, HTTP_NOT_FOUND, ftpmessage);
}
if (rc != 250) {
return ap_proxyerror(r, HTTP_BAD_GATEWAY, ftpmessage);
}
path = strp + 1;
}
/*
* IV: Make Data Connection? -------------------------
*
* Try EPSV, if that fails... try PASV, if that fails... try PORT.
*/
/* this temporarily switches off EPSV/PASV */
/*goto bypass;*/
/* set up data connection - EPSV */
{
apr_sockaddr_t *data_addr;
char *data_ip;
apr_port_t data_port;
/*
* The EPSV command replaces PASV where both IPV4 and IPV6 is
* supported. Only the port is returned, the IP address is always the
* same as that on the control connection. Example: Entering Extended
* Passive Mode (|||6446|)
*/
rc = proxy_ftp_command("EPSV" CRLF,
r, origin, bb, &ftpmessage);
/* possible results: 227, 421, 500, 501, 502, 530 */
/* 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2). */
/* 421 Service not available, closing control connection. */
/* 500 Syntax error, command unrecognized. */
/* 501 Syntax error in parameters or arguments. */
/* 502 Command not implemented. */
/* 530 Not logged in. */
if (rc == -1 || rc == 421) {
return ap_proxyerror(r, HTTP_BAD_GATEWAY,
"Error reading from remote server");
}
if (rc != 229 && rc != 500 && rc != 501 && rc != 502) {
return ap_proxyerror(r, HTTP_BAD_GATEWAY, ftpmessage);
}
else if (rc == 229) {
char *pstr;
char *tok_cntx;
pstr = ftpmessage;
pstr = apr_strtok(pstr, " ", &tok_cntx); /* separate result code */
if (pstr != NULL) {
if (*(pstr + strlen(pstr) + 1) == '=') {
pstr += strlen(pstr) + 2;
}
else {
pstr = apr_strtok(NULL, "(", &tok_cntx); /* separate address &
* port params */
if (pstr != NULL)
pstr = apr_strtok(NULL, ")", &tok_cntx);
}
}
if (pstr) {
apr_sockaddr_t *epsv_addr;
data_port = atoi(pstr + 3);
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: EPSV contacting remote host on port %d",
data_port);
if ((rv = apr_socket_create(&data_sock, connect_addr->family, SOCK_STREAM, r->pool)) != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
"proxy: FTP: error creating EPSV socket");
return HTTP_INTERNAL_SERVER_ERROR;
}
#if !defined (TPF) && !defined(BEOS)
if (conf->recv_buffer_size > 0
&& (rv = apr_socket_opt_set(data_sock, APR_SO_RCVBUF,
conf->recv_buffer_size))) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
"proxy: FTP: apr_socket_opt_set(SO_RCVBUF): Failed to set ProxyReceiveBufferSize, using default");
}
#endif
/* make the connection */
apr_socket_addr_get(&data_addr, APR_REMOTE, sock);
apr_sockaddr_ip_get(&data_ip, data_addr);
apr_sockaddr_info_get(&epsv_addr, data_ip, connect_addr->family, data_port, 0, p);
rv = apr_connect(data_sock, epsv_addr);
if (rv != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_ERR, rv, r->server,
"proxy: FTP: EPSV attempt to connect to %pI failed - Firewall/NAT?", epsv_addr);
return ap_proxyerror(r, HTTP_BAD_GATEWAY, apr_psprintf(r->pool,
"EPSV attempt to connect to %pI failed - firewall/NAT?", epsv_addr));
}
else {
connect = 1;
}
}
else {
/* and try the regular way */
apr_socket_close(data_sock);
}
}
}
/* set up data connection - PASV */
if (!connect) {
rc = proxy_ftp_command("PASV" CRLF,
r, origin, bb, &ftpmessage);
/* possible results: 227, 421, 500, 501, 502, 530 */
/* 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2). */
/* 421 Service not available, closing control connection. */
/* 500 Syntax error, command unrecognized. */
/* 501 Syntax error in parameters or arguments. */
/* 502 Command not implemented. */
/* 530 Not logged in. */
if (rc == -1 || rc == 421) {
return ap_proxyerror(r, HTTP_BAD_GATEWAY,
"Error reading from remote server");
}
if (rc != 227 && rc != 502) {
return ap_proxyerror(r, HTTP_BAD_GATEWAY, ftpmessage);
}
else if (rc == 227) {
unsigned int h0, h1, h2, h3, p0, p1;
char *pstr;
char *tok_cntx;
/* FIXME: Check PASV against RFC1123 */
pstr = ftpmessage;
pstr = apr_strtok(pstr, " ", &tok_cntx); /* separate result code */
if (pstr != NULL) {
if (*(pstr + strlen(pstr) + 1) == '=') {
pstr += strlen(pstr) + 2;
}
else {
pstr = apr_strtok(NULL, "(", &tok_cntx); /* separate address &
* port params */
if (pstr != NULL)
pstr = apr_strtok(NULL, ")", &tok_cntx);
}
}
/* FIXME: Only supports IPV4 - fix in RFC2428 */
if (pstr != NULL && (sscanf(pstr,
"%d,%d,%d,%d,%d,%d", &h3, &h2, &h1, &h0, &p1, &p0) == 6)) {
apr_sockaddr_t *pasv_addr;
apr_port_t pasvport = (p1 << 8) + p0;
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: PASV contacting host %d.%d.%d.%d:%d",
h3, h2, h1, h0, pasvport);
if ((rv = apr_socket_create(&data_sock, connect_addr->family, SOCK_STREAM, r->pool)) != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
"proxy: error creating PASV socket");
return HTTP_INTERNAL_SERVER_ERROR;
}
#if !defined (TPF) && !defined(BEOS)
if (conf->recv_buffer_size > 0
&& (rv = apr_socket_opt_set(data_sock, APR_SO_RCVBUF,
conf->recv_buffer_size))) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
"proxy: FTP: apr_socket_opt_set(SO_RCVBUF): Failed to set ProxyReceiveBufferSize, using default");
}
#endif
/* make the connection */
apr_sockaddr_info_get(&pasv_addr, apr_psprintf(p, "%d.%d.%d.%d", h3, h2, h1, h0), connect_addr->family, pasvport, 0, p);
rv = apr_connect(data_sock, pasv_addr);
if (rv != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_ERR, rv, r->server,
"proxy: FTP: PASV attempt to connect to %pI failed - Firewall/NAT?", pasv_addr);
return ap_proxyerror(r, HTTP_BAD_GATEWAY, apr_psprintf(r->pool,
"PASV attempt to connect to %pI failed - firewall/NAT?", pasv_addr));
}
else {
connect = 1;
}
}
else {
/* and try the regular way */
apr_socket_close(data_sock);
}
}
}
/*bypass:*/
/* set up data connection - PORT */
if (!connect) {
apr_sockaddr_t *local_addr;
char *local_ip;
apr_port_t local_port;
unsigned int h0, h1, h2, h3, p0, p1;
if ((rv = apr_socket_create(&local_sock, connect_addr->family, SOCK_STREAM, r->pool)) != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
"proxy: FTP: error creating local socket");
return HTTP_INTERNAL_SERVER_ERROR;
}
apr_socket_addr_get(&local_addr, APR_LOCAL, sock);
apr_sockaddr_port_get(&local_port, local_addr);
apr_sockaddr_ip_get(&local_ip, local_addr);
if ((rv = apr_socket_opt_set(local_sock, APR_SO_REUSEADDR, one))
!= APR_SUCCESS) {
#ifndef _OSD_POSIX /* BS2000 has this option "always on" */
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
"proxy: FTP: error setting reuseaddr option");
return HTTP_INTERNAL_SERVER_ERROR;
#endif /* _OSD_POSIX */
}
apr_sockaddr_info_get(&local_addr, local_ip, APR_UNSPEC, local_port, 0, r->pool);
if ((rv = apr_bind(local_sock, local_addr)) != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
"proxy: FTP: error binding to ftp data socket %pI", local_addr);
return HTTP_INTERNAL_SERVER_ERROR;
}
/* only need a short queue */
if ((rv = apr_listen(local_sock, 2)) != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
"proxy: FTP: error listening to ftp data socket %pI", local_addr);
return HTTP_INTERNAL_SERVER_ERROR;
}
/* FIXME: Sent PORT here */
if (local_ip && (sscanf(local_ip,
"%d.%d.%d.%d", &h3, &h2, &h1, &h0) == 4)) {
p1 = (local_port >> 8);
p0 = (local_port & 0xFF);
rc = proxy_ftp_command(apr_psprintf(p, "PORT %d,%d,%d,%d,%d,%d" CRLF, h3, h2, h1, h0, p1, p0),
r, origin, bb, &ftpmessage);
/* possible results: 200, 421, 500, 501, 502, 530 */
/* 200 Command okay. */
/* 421 Service not available, closing control connection. */
/* 500 Syntax error, command unrecognized. */
/* 501 Syntax error in parameters or arguments. */
/* 502 Command not implemented. */
/* 530 Not logged in. */
if (rc == -1 || rc == 421) {
return ap_proxyerror(r, HTTP_BAD_GATEWAY,
"Error reading from remote server");
}
if (rc != 200) {
return ap_proxyerror(r, HTTP_BAD_GATEWAY, buffer);
}
/* signal that we must use the EPRT/PORT loop */
use_port = 1;
}
else {
/* IPV6 FIXME:
* The EPRT command replaces PORT where both IPV4 and IPV6 is supported. The first
* number (1,2) indicates the protocol type. Examples:
* EPRT |1|132.235.1.2|6275|
* EPRT |2|1080::8:800:200C:417A|5282|
*/
return ap_proxyerror(r, HTTP_NOT_IMPLEMENTED, "Connect to IPV6 ftp server using EPRT not supported. Enable EPSV.");
}
}
/*
* V: Set The Headers -------------------
*
* Get the size of the request, set up the environment for HTTP.
*/
/* set request; "path" holds last path component */
len = decodeenc(path);
if (strchr(path, '/')) { /* are there now any '/' characters? */
return ap_proxyerror(r, HTTP_BAD_REQUEST,
"Use of /%2f is only allowed at the base directory");
}
/* If len == 0 then it must be a directory (you can't RETR nothing)
* Also, don't allow to RETR by wildcard. Instead, create a dirlisting
*/
if (len == 0 || ftp_check_globbingchars(path)) {
dirlisting = 1;
}
else {
/* (from FreeBSD ftpd):
* SIZE is not in RFC959, but Postel has blessed it and
* it will be in the updated RFC.
*
* Return size of file in a format suitable for
* using with RESTART (we just count bytes).
*/
/* from draft-ietf-ftpext-mlst-14.txt:
* This value will
* change depending on the current STRUcture, MODE and TYPE of the data
* connection, or a data connection which would be created were one
* created now. Thus, the result of the SIZE command is dependent on
* the currently established STRU, MODE and TYPE parameters.
*/
/* Therefore: switch to binary if the user did not specify ";type=a" */
ftp_set_TYPE(xfer_type, r, origin, bb, &ftpmessage);
rc = proxy_ftp_command(apr_pstrcat(p, "SIZE ",
ftp_escape_globbingchars(p, path), CRLF, NULL),
r, origin, bb, &ftpmessage);
if (rc == -1 || rc == 421) {
return ap_proxyerror(r, HTTP_BAD_GATEWAY,
"Error reading from remote server");
}
else if (rc == 213) {/* Size command ok */
int j;
for (j = 0; apr_isdigit(ftpmessage[j]); j++)
;
ftpmessage[j] = '\0';
if (ftpmessage[0] != '\0')
size = ftpmessage; /* already pstrdup'ed: no copy necessary */
}
else if (rc == 550) { /* Not a regular file */
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: SIZE shows this is a directory");
dirlisting = 1;
rc = proxy_ftp_command(apr_pstrcat(p, "CWD ",
ftp_escape_globbingchars(p, path), CRLF, NULL),
r, origin, bb, &ftpmessage);
/* possible results: 250, 421, 500, 501, 502, 530, 550 */
/* 250 Requested file action okay, completed. */
/* 421 Service not available, closing control connection. */
/* 500 Syntax error, command unrecognized. */
/* 501 Syntax error in parameters or arguments. */
/* 502 Command not implemented. */
/* 530 Not logged in. */
/* 550 Requested action not taken. */
if (rc == -1 || rc == 421) {
return ap_proxyerror(r, HTTP_BAD_GATEWAY,
"Error reading from remote server");
}
if (rc == 550) {
return ap_proxyerror(r, HTTP_NOT_FOUND, ftpmessage);
}
if (rc != 250) {
return ap_proxyerror(r, HTTP_BAD_GATEWAY, ftpmessage);
}
path = "";
len = 0;
}
}
cwd = ftp_get_PWD(r, origin, bb);
if (cwd != NULL) {
apr_table_set(r->notes, "Directory-PWD", cwd);
}
if (dirlisting) {
ftp_set_TYPE('A', r, origin, bb, NULL);
/* If the current directory contains no slash, we are talking to
* a non-unix ftp system. Try LIST instead of "LIST -lag", it
* should return a long listing anyway (unlike NLST).
* Some exotic FTP servers might choke on the "-lag" switch.
*/
/* Note that we do not escape the path here, to allow for
* queries like: ftp://user@host/apache/src/server/http_*.c
*/
if (len != 0)
buf = apr_pstrcat(p, "LIST ", path, CRLF, NULL);
else if (cwd == NULL || strchr(cwd, '/') != NULL)
buf = apr_pstrcat(p, "LIST -lag", CRLF, NULL);
else
buf = "LIST" CRLF;
}
else {
/* switch to binary if the user did not specify ";type=a" */
ftp_set_TYPE(xfer_type, r, origin, bb, &ftpmessage);
#if defined(USE_MDTM) && (defined(HAVE_TIMEGM) || defined(HAVE_GMTOFF))
/* from draft-ietf-ftpext-mlst-14.txt:
* The FTP command, MODIFICATION TIME (MDTM), can be used to determine
* when a file in the server NVFS was last modified. <..>
* The syntax of a time value is:
* time-val = 14DIGIT [ "." 1*DIGIT ] <..>
* Symbolically, a time-val may be viewed as
* YYYYMMDDHHMMSS.sss
* The "." and subsequent digits ("sss") are optional. <..>
* Time values are always represented in UTC (GMT)
*/
rc = proxy_ftp_command(apr_pstrcat(p, "MDTM ", ftp_escape_globbingchars(p, path), CRLF, NULL),
r, origin, bb, &ftpmessage);
/* then extract the Last-Modified time from it (YYYYMMDDhhmmss or YYYYMMDDhhmmss.xxx GMT). */
if (rc == 213) {
struct {
char YYYY[4+1];
char MM[2+1];
char DD[2+1];
char hh[2+1];
char mm[2+1];
char ss[2+1];
} time_val;
if (6 == sscanf(ftpmessage, "%4[0-9]%2[0-9]%2[0-9]%2[0-9]%2[0-9]%2[0-9]",
time_val.YYYY, time_val.MM, time_val.DD, time_val.hh, time_val.mm, time_val.ss)) {
struct tm tms;
memset (&tms, '\0', sizeof tms);
tms.tm_year = atoi(time_val.YYYY) - 1900;
tms.tm_mon = atoi(time_val.MM) - 1;
tms.tm_mday = atoi(time_val.DD);
tms.tm_hour = atoi(time_val.hh);
tms.tm_min = atoi(time_val.mm);
tms.tm_sec = atoi(time_val.ss);
#ifdef HAVE_TIMEGM /* Does system have timegm()? */
mtime = timegm(&tms);
mtime *= APR_USEC_PER_SEC;
#elif HAVE_GMTOFF /* does struct tm have a member tm_gmtoff? */
/* mktime will subtract the local timezone, which is not what we want.
* Add it again because the MDTM string is GMT
*/
mtime = mktime(&tms);
mtime += tms.tm_gmtoff;
mtime *= APR_USEC_PER_SEC;
#else
mtime = 0L;
#endif
}
}
#endif /* USE_MDTM */
/* FIXME: Handle range requests - send REST */
buf = apr_pstrcat(p, "RETR ", ftp_escape_globbingchars(p, path), CRLF, NULL);
}
rc = proxy_ftp_command(buf, r, origin, bb, &ftpmessage);
/* rc is an intermediate response for the LIST or RETR commands */
/*
* RETR: 110, 125, 150, 226, 250, 421, 425, 426, 450, 451, 500, 501, 530,
* 550 NLST: 125, 150, 226, 250, 421, 425, 426, 450, 451, 500, 501, 502,
* 530
*/
/* 110 Restart marker reply. */
/* 125 Data connection already open; transfer starting. */
/* 150 File status okay; about to open data connection. */
/* 226 Closing data connection. */
/* 250 Requested file action okay, completed. */
/* 421 Service not available, closing control connection. */
/* 425 Can't open data connection. */
/* 426 Connection closed; transfer aborted. */
/* 450 Requested file action not taken. */
/* 451 Requested action aborted. Local error in processing. */
/* 500 Syntax error, command unrecognized. */
/* 501 Syntax error in parameters or arguments. */
/* 530 Not logged in. */
/* 550 Requested action not taken. */
if (rc == -1 || rc == 421) {
return ap_proxyerror(r, HTTP_BAD_GATEWAY,
"Error reading from remote server");
}
if (rc == 550) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: RETR failed, trying LIST instead");
/* Directory Listings should always be fetched in ASCII mode */
dirlisting = 1;
ftp_set_TYPE('A', r, origin, bb, NULL);
rc = proxy_ftp_command(apr_pstrcat(p, "CWD ",
ftp_escape_globbingchars(p, path), CRLF, NULL),
r, origin, bb, &ftpmessage);
/* possible results: 250, 421, 500, 501, 502, 530, 550 */
/* 250 Requested file action okay, completed. */
/* 421 Service not available, closing control connection. */
/* 500 Syntax error, command unrecognized. */
/* 501 Syntax error in parameters or arguments. */
/* 502 Command not implemented. */
/* 530 Not logged in. */
/* 550 Requested action not taken. */
if (rc == -1 || rc == 421) {
return ap_proxyerror(r, HTTP_BAD_GATEWAY,
"Error reading from remote server");
}
if (rc == 550) {
return ap_proxyerror(r, HTTP_NOT_FOUND, ftpmessage);
}
if (rc != 250) {
return ap_proxyerror(r, HTTP_BAD_GATEWAY, ftpmessage);
}
/* Update current directory after CWD */
cwd = ftp_get_PWD(r, origin, bb);
if (cwd != NULL) {
apr_table_set(r->notes, "Directory-PWD", cwd);
}
/* See above for the "LIST" vs. "LIST -lag" discussion. */
rc = proxy_ftp_command((cwd == NULL || strchr(cwd, '/') != NULL)
? "LIST -lag" CRLF : "LIST" CRLF,
r, origin, bb, &ftpmessage);
/* rc is an intermediate response for the LIST command (125 transfer starting, 150 opening data connection) */
if (rc == -1 || rc == 421)
return ap_proxyerror(r, HTTP_BAD_GATEWAY,
"Error reading from remote server");
}
if (rc != 125 && rc != 150 && rc != 226 && rc != 250) {
return ap_proxyerror(r, HTTP_BAD_GATEWAY, ftpmessage);
}
r->status = HTTP_OK;
r->status_line = "200 OK";
apr_rfc822_date(dates, r->request_time);
apr_table_setn(r->headers_out, "Date", dates);
apr_table_setn(r->headers_out, "Server", ap_get_server_version());
/* set content-type */
if (dirlisting) {
ap_set_content_type(r, "text/html");
}
else {
if (r->content_type) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: Content-Type set to %s", r->content_type);
}
else {
ap_set_content_type(r, ap_default_type(r));
}
if (xfer_type != 'A' && size != NULL) {
/* We "trust" the ftp server to really serve (size) bytes... */
apr_table_setn(r->headers_out, "Content-Length", size);
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: Content-Length set to %s", size);
}
}
apr_table_setn(r->headers_out, "Content-Type", r->content_type);
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: Content-Type set to %s", r->content_type);
#if defined(USE_MDTM) && (defined(HAVE_TIMEGM) || defined(HAVE_GMTOFF))
if (mtime != 0L) {
char datestr[APR_RFC822_DATE_LEN];
apr_rfc822_date(datestr, mtime);
apr_table_set(r->headers_out, "Last-Modified", datestr);
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: Last-Modified set to %s", datestr);
}
#endif /* USE_MDTM */
/* If an encoding has been set by mistake, delete it.
* @@@ FIXME (e.g., for ftp://user@host/file*.tar.gz,
* @@@ the encoding is currently set to x-gzip)
*/
if (dirlisting && r->content_encoding != NULL)
r->content_encoding = NULL;
/* set content-encoding (not for dir listings, they are uncompressed)*/
if (r->content_encoding != NULL && r->content_encoding[0] != '\0') {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: Content-Encoding set to %s", r->content_encoding);
apr_table_setn(r->headers_out, "Content-Encoding", r->content_encoding);
}
/* wait for connection */
if (use_port) {
for (;;) {
rv = apr_accept(&data_sock, local_sock, r->pool);
if (rv == APR_EINTR) {
continue;
}
else if (rv == APR_SUCCESS) {
break;
}
else {
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
"proxy: FTP: failed to accept data connection");
return HTTP_BAD_GATEWAY;
}
}
}
/* the transfer socket is now open, create a new connection */
data = ap_run_create_connection(p, r->server, data_sock, r->connection->id,
r->connection->sbh, c->bucket_alloc);
if (!data) {
/*
* the peer reset the connection already; ap_run_create_connection() closed
* the socket
*/
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: an error occurred creating the transfer connection");
return HTTP_INTERNAL_SERVER_ERROR;
}
/* set up the connection filters */
ap_run_pre_connection(data, data_sock);
/*
* VI: Receive the Response ------------------------
*
* Get response from the remote ftp socket, and pass it up the filter chain.
*/
/* send response */
r->sent_bodyct = 1;
if (dirlisting) {
/* insert directory filter */
ap_add_output_filter("PROXY_SEND_DIR", NULL, r, r->connection);
}
/* send body */
if (!r->header_only) {
apr_bucket *e;
int finish = FALSE;
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: start body send");
/* read the body, pass it to the output filters */
while (ap_get_brigade(data->input_filters,
bb,
AP_MODE_READBYTES,
APR_BLOCK_READ,
conf->io_buffer_size) == APR_SUCCESS) {
#if DEBUGGING
{
apr_off_t readbytes;
apr_brigade_length(bb, 0, &readbytes);
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
r->server, "proxy (PID %d): readbytes: %#x",
getpid(), readbytes);
}
#endif
/* sanity check */
if (APR_BRIGADE_EMPTY(bb)) {
apr_brigade_cleanup(bb);
break;
}
/* found the last brigade? */
if (APR_BUCKET_IS_EOS(APR_BRIGADE_LAST(bb))) {
/* if this is the last brigade, cleanup the
* backend connection first to prevent the
* backend server from hanging around waiting
* for a slow client to eat these bytes
*/
ap_flush_conn(data);
apr_socket_close(data_sock);
data_sock = NULL;
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: data connection closed");
/* signal that we must leave */
finish = TRUE;
}
/* if no EOS yet, then we must flush */
if (FALSE == finish) {
e = apr_bucket_flush_create(c->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(bb, e);
}
/* try send what we read */
if (ap_pass_brigade(r->output_filters, bb) != APR_SUCCESS) {
/* Ack! Phbtt! Die! User aborted! */
finish = TRUE;
}
/* make sure we always clean up after ourselves */
apr_brigade_cleanup(bb);
/* if we are done, leave */
if (TRUE == finish) {
break;
}
}
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: end body send");
}
if (data_sock) {
ap_flush_conn(data);
apr_socket_close(data_sock);
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: data connection closed");
}
/* Retrieve the final response for the RETR or LIST commands */
rc = proxy_ftp_command(NULL, r, origin, bb, &ftpmessage);
apr_brigade_cleanup(bb);
/*
* VII: Clean Up -------------
*
* If there are no KeepAlives, or if the connection has been signalled to
* close, close the socket and clean up
*/
/* finish */
rc = proxy_ftp_command("QUIT" CRLF,
r, origin, bb, &ftpmessage);
/* responses: 221, 500 */
/* 221 Service closing control connection. */
/* 500 Syntax error, command unrecognized. */
ap_flush_conn(origin);
if (origin_sock) {
apr_socket_close(origin_sock);
origin_sock = NULL;
}
apr_brigade_destroy(bb);
return OK;
}
static void ap_proxy_ftp_register_hook(apr_pool_t *p)
{
/* hooks */
proxy_hook_scheme_handler(ap_proxy_ftp_handler, NULL, NULL, APR_HOOK_MIDDLE);
proxy_hook_canon_handler(ap_proxy_ftp_canon, NULL, NULL, APR_HOOK_MIDDLE);
/* filters */
ap_register_output_filter("PROXY_SEND_DIR", ap_proxy_send_dir_filter,
NULL, AP_FTYPE_RESOURCE);
}
module AP_MODULE_DECLARE_DATA proxy_ftp_module = {
STANDARD20_MODULE_STUFF,
NULL, /* create per-directory config structure */
NULL, /* merge per-directory config structures */
NULL, /* create per-server config structure */
NULL, /* merge per-server config structures */
NULL, /* command apr_table_t */
ap_proxy_ftp_register_hook /* register hooks */
};